Embed Size (px)
DESCRIPTION
Performance Management Presentation Access Control. Team Members: Major Billy Alford, Team Leader Bill Brosius, Alex Salah, Cassandra Harris ORS National Institutes of Health 21 January 2004. Table of Contents. Main Presentation PM Template ……………………………….……………… 3 - PowerPoint PPT Presentation
Citation preview
1
Performance Management Presentation
Access Control
Team Members:
Major Billy Alford, Team LeaderBill Brosius, Alex Salah, Cassandra Harris
ORS National Institutes of Health
21 January 2004
2
Table of Contents
Main Presentation
PM Template ……………………………….……………… 3
Customer Perspective……………………….…………….. 7
Internal Business Process Perspective………………….. 18
Learning and Growth Perspective………………………… 30
Financial Perspective………………………………………. 37
Conclusions ………………………………………………… 45
3
DS3: Manage and operate building entry and security systems
DS2: Install and maintain building entry and security systems
Value Proposition
Team Members
21-Jan-04
Service Strategy
Bill Brosius, Alex Salah, Cassandra Harris
Maj. Billy Alford
We will deliver coordinated and unified services by achieving a high level of access control by providing highly trained staff and a state of the art access control system that can expand as needs arise. In addition, we will implement a contingency access control plan for heightened alert levels.
Strategy Description
To ensure only Authorized Persons gain access to NIH Facilities, to mitigate & reduce risks to the NIH, to provide the most secure work environment possible, and to ensure NIH is in compliance with all applicable laws, rules, and regulations. Through a sound access control program, we will ensure the safety and security of NIH staff, patients, visitors, and property. These services are tailored to accommodate the unique culture, history, intellectual assets and diversity of the Nation’s leading biomedical research center while adhering to federal guidelines, policies, and regulations.
Team Leader
Manage the NIH Access Control Program
Service Group
Performance Management Plan (PMP)
DS1: Issue and manage access/ID cards
Discrete Services
Division Approval/Date: Associate Director Approval/Date:
Operational Excellence
Customer Intimacy
Product Leadership
Growth
Sustain
Harvest
4
Introduction to Access Control
• Reasons• To protect the people, property, and research of
the NIH • To ensure the Safety & Security of NIH employees• NIH research is a National Resource• NIH is a part of the Public Health Critical
Infrastructure
5
Link between Access Control and Personnel Security
• One component of Access control is personnel security
• Positions are designated at a particular Sensitivity Level – Non-Sensitive, Public Trust, or National Security
• Background investigations are conducted to determine whether a person is suitable for employment in that position
• NIH Police conducts interim background checks• 4679 background checks conducted in FY03
• Determination is made on where the individual may be granted physical access
• Access controls ensure only those authorized may enter
• This presentation will focus only on access control• Personnel security will be addressed during FY04
6
Provide anenvironment that is
safe and secure
Increase customersatisfaction
Decrease the probabilityof unauthorized access
Improve AccessControls at High-Risk areas and
CriticalInfrastructures
Minimize disruption to theNIH community by
expediting access to NIHgrounds and facilities
Minimize unitcosts
Increase knowledge,skills, and abilities ofAccess Control staff
Improve use ofinnovativetechnologyLearning &
Growth
FinanceInternalBusiness
Customer
Relationship Among Performance Objectives
7
Customer Perspective
8
Customer Perspective
Objective Measure FY 04 TargetFY05
TargetFY06
TargetInitiative
C1a: Development of the Access Control Plan and continuation of formal review for approval.
100% completion and Official Approval of Policy
Full Implementation of Policy
Review Policy and alter as necessary
Develop Access Control Plan; implement approved aspects of the Plan; further formal review and approval of the Access Control Plan.
C1b. Percent of planned installation of card readers and access control systems as specified in the Security Device Application Guide (SDAG)
BaselineEqual or greater than FY04
Equal or greater than FY05
Ensure all necessary card readers are installed and are installed according to the SDAG; continue to assess areas of need and process IC requests
C1. Decrease the probability of unauthorized access to campus entrances, designated facilities, and other specially protected areas
9
C1a: Development of the Access Control Program and continuation of formal review for approval
• 75% completion of development of the Access Control Program
• Program presented to Associate Director of ORS for Security and Emergency Response
• Program presented to Associate Director of NIH for Research Services
• Program presented to Deputy Director for Management of the NIH
• Will measure implementation once full-approval is granted
10
C1b. Percent of planned installation of card readers and access control systems
• 100% completion of the 1-for-1 replacement of card readers from previous system in FY03
• 100% completion of improved access controls for Select Agent Labs in FY03
• Will track percent installation of planned new card readers and access control systems in FY04
11
Customer Perspective
Objective Measure FY 04 TargetFY05
TargetFY06
TargetInitiative
C2: Provide an environment that is safe and secure for personnel and others while at NIH facilities
C2: Percent of badges issued to those in need of an NIH ID/access badge, by type/category, and granting of authorized access to those with badge.
Baseline >FY04 >FY05
Provide ID/access badges and appropriate authorized access, to those authorized to access NIH campuses and facilities.
12
C2: Percent of Badges issued to those in need of an NIH ID
• Provide ID/access badges and appropriate authorized access, to those authorized to access NIH campuses and facilities
• Those in need:• All NIH personnel (FTEs, Contractors, Fellows, etc)• Others with legitimate business at NIH facilities (Patients,
Volunteers, Tenants, Guests, Service Providers, etc)
• The badge is the access control measure• Badge provides
• Identification – picture ID• Verification – proves holder has authorized access
13
C2: Identification Badges Issued-FY03
12%
44%17%
2%
3%
10%
8%0% 4% Employee
Contractor
Fellow
Guest
Summer
Volunteer
Tenant
ExtendedVisitor
Patient/PatientVisitor
Note: 10,211 badges issued.
14
Customer Perspective (cont.)
Objective Measure FY 04 TargetFY05
TargetFY06
TargetInitiative
C3: Increase customer satisfaction with access control
C3a: Customer Scorecard ratings.
Baseline >FY04 >FY05
Define customers of Access Control, and develop ORS Customer Scorecard for collection of data.
15
Customer Scorecard Methodology
• Clarified critical customers in FY03 for Access Control• Lab Directors• Facility Managers• Biosafety Officers • NIH Radiation Safety Officer
• Work to design a method to assess customer needs and satisfaction with these customer groups during FY04
16
Customer PerspectiveWhat does the data tell you?
• Completed work to develop Access Control Program, now need full approval so implementation can be tracked
• 100% replacement all old card readers and improved access controls for select agents during FY03
• Issued over 10,000 badges in FY03 • 44% of badges issued were to contractors
17
Customer PerspectiveWhat actions are planned?
• Gain approval of Access Control Program and begin implementation
• Install new card readers and access control systems as planned and where requested
• Work with personnel security to ensure legitimacy of persons badged
• Develop the Customer Scorecard with OQM, in order to assess customer needs for Access Control
18
Internal Business Process Perspective
19
Internal Business Process Perspective
Objective Measure FY 04 TargetFY05
TargetFY06
TargetInitiative
IB1a: Percent of access control measures implemented for select agents labs and storage.
100 %Equal or greater than FY04
Equal or greater than FY05
IB1b. Percent of access control measures implemented at radiological facilities.
> 30 % >FY04 >FY05
IB1c. Percent of access control measures implemented at sensitive IT facilities.
Baseline >FY04 >FY05
IB1d. Percent of access control measures implemented at sensitive mechanical facilities.
Baseline >FY04 >FY05
IB1: Improve access control to critical infrastructures and high-risk areas
Continue to assess high-risk areas at the NIH, including sensitive laboratories, radiological facilities, and critical infrastructure, such as IT closets and mechanical rooms, as well as any new areas deemed high-risk.
20
IB1a: Percent of Access Control Measures Implemented for Select Agent Lab and Storage
• 100% of Select Agent Labs had access controls installed in FY03• Card readers• Biometrics
21
IB1b: Percent of Access Control Measures Implemented at Radiological Facilities
• 30% of Radiological laboratories and storage facilities had access controls installed in FY03• Card readers• Door contacts
22
IB1c: Percent of Access Control Measures Implemented at Sensitive IT Facilities
• Sensitive IT facilities were surveyed in FY03, and access control installations began
• Survey is still ongoing – “population” of sensitive IT facilities still to be determined• LAN closets• Server Rooms• Computer Rooms
23
IB1d: Percent of Access Control Measures Implemented at Sensitive Mechanical Facilities• A survey of sensitive mechanical rooms began and a
pilot program for installing access controls is underway
• Survey is ongoing to locate and assess sensitive mechanical rooms
24
Internal Business Process Perspective
Objective Measure FY 04 TargetFY05
TargetFY06
TargetInitiative
IB2a: Percent completion of the NIH-Bethesda Perimeter Security System (PSS).
100% completion of Perimeter Fence
>FY04 >FY05
Increase implementation and development of Perimeter Security System.
IB2b. Number of card readers per layer/component of PSS
> 941 at Buildings; Baseline other layers
>FY04 >FY05
Increase development of automated Andover access control technology
IB2: Minimize disruption to the NIH community by expediting access to NIH grounds and facilities
25
Perimeter Security System (PSS)
• Layered approach to Access Control• Perimeter Fence, Visitors Center,
Commercial Vehicle Inspection Station (CVI), West Dr Patients Entrance
• Building perimeter doors• Particular floors or office areas, Labs, and
particular rooms
26
IB2a: Percent completion of the NIH-Bethesda PSS
• 90% completion of physical Perimeter Fence• 100% completion scheduled for 3rd Quarter FY04
• 100% design completion of Temporary Visitors Center
• 35% design completion of Visitors Center• 50% design completion of Patient Entrance• 35% design completion of CVI
27
IB2b: Number of card readers per layer/component of PSS
• 345 card readers installed at/in buildings in FY03
17%
66%
17% Buildingperimeter
Buildinginterior
Sensitive areas
28
Internal Business Process PerspectiveWhat does the data tell you?
• Physical Perimeter Fence will be 100% completed in FY04
• Perimeter Security System (PSS) components are mostly in the design phase
• The majority of our card readers are for interior building spaces
29
Internal Business Process PerspectiveWhat actions are planned?
• Establish a Temporary Visitors Center to centrally process visitors at the Perimeter until Visitors Center complex is completed
• Change from Visitor “stickers” to Andover-capable cards
• Begin connectivity of automated access controls at Perimeter Fence
• Andover capabilities are planned for all layers of the PSS
• Actively identifying sensitive areas for card reader installation
30
Learning and Growth Perspective
31
Learning and Growth Perspective
Objective Measure FY 04 TargetFY05
TargetFY06
TargetInitiative
LG1: Increase knowledge, skills and abilities of Access Control staff
LG1: Percent of IDP tasks completed.
Baseline >FY04 >FY05
Create IDPs for Access Control staff to develop individual skills; log training completed and certificates earned.
32
LG1: Percent of IDP tasks completed
• Baseline measures need to be established• IDPs must be created
33
Learning and Growth Perspective
Objective Measure FY 04 TargetFY05
TargetFY06
TargetInitiative
LG2: Increase use of innovative technology
LG2: Hours of skill enhancement and technology use
Baseline >FY04 >FY05
Increase staff skills in using access control technologies; utilize online Training Tool for knowledge. Skill, and ability enhancement
34
LG2: Hours of skill enhancement by technology type
• Baseline measures need to be established• Technologies must be identified
35
Learning and Growth PerspectiveWhat does the data tell you?
• Need to identify Baselines for measurements• Need to identify types of technology with
which to improve
36
Learning and Growth PerspectiveWhat actions are planned?
• Baseline team member KSAs and create Individual Development Plans (IDP)
• Utilize online Police Training Tool for personal KSA building
• Identify technologies and skills necessary for Access Control team
37
Financial Perspective
38
Financial Perspective (cont.)
Objective Measure FY 04 TargetFY05
TargetFY06
TargetInitiative
F1: Minimize unit cost for issuance and management of access/ID badges
F1: Number of badges issued
BaselineEqual or greater than FY04
Equal or greater than FY05
Define unit cost and develop budget numbers
F2: Minimize unit cost for installation and maintainence of building entry and security systems
F2: Number of card readers installed
Baseline >FY04 >FY05
Optimize card reader installation to increase automated access control
F3: Minimize unit cost for management and operation of building entry and security systems
F3: Number of automated Andover access events
22,000 per day >FY04 >FY05
Increase number of automated access events vs. Guard Force monitored events
39
F1: Number of Badges Issued
• Unit measure is number of badges issued• 10,211 badges issued in FY03
• Budget numbers need to be formalized for this program before meaningful unit cost can be calculated
40
F2: Number of Card Readers installed
• Unit measure is number of card readers installed• 345 card readers installed in FY03
• Budget numbers need to be formalized for this program before meaningful unit cost can be calculated
41
F3: Number of automated access events
•22,026 per day
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIHGeorge W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
George W.Bush
11/02/04
001-2345-678
NIH
42
F3: Number of automated access events
• Unit measure is number of automated access events per day• > 22,000 automated access events/day in FY03• As automated events increase, monitored events
should decrease• Greater use of Andover system will further justify
the investment
• Budget numbers need to be formalized for this program before meaningful unit cost can be calculated
43
Financial PerspectiveWhat does the data tell you?
• Over 10,000 badges were issued in FY03• 345 card readers were installed in FY03• There were over 22,000 automated access
events per day in FY03
44
Financial PerspectiveWhat actions are planned?
• Track similar unit measures during FY04 to understand change over time
• Develop budget numbers for Access Control Service Group
• Initiative to increase automated Access Controls in effort to decrease overall security costs
45
Conclusions
46
Conclusions
• Major Findings:• Completed work to develop Access Control Program, now
need full approval so implementation can be tracked• 100% replacement of old card readers and improvement of
access controls for select agents during FY03• Physical Perimeter Fence will be 100% completed in FY04
• Perimeter Security System (PSS) components are mostly in the design phase
• Need to identify baselines for Learning and Growth measures
• Issued over 10,000 badges, installed 345 card readers, and Andover system experienced over 22,000 automated access events per day in FY03
47
Conclusions (cont.) • Initiatives for FY04
• Gain approval of Access Control Program and begin implementation
• Install new card readers and access control systems as planned and where requested
• Work with personnel security to ensure legitimacy of persons badged
• Develop the Customer Scorecard in order to assess customer needs for Access Control
• Establish a Temporary Visitors Center to centrally process visitors at the Perimeter until Visitors Center complex is completed
• Change from Visitor “stickers” to Andover-capable cards• Begin connectivity of automated access controls at Perimeter
Fence• Andover capabilities are planned for all layers of the PSS• Identify sensitive areas for card reader installation
48
Conclusions (cont.)
• Initiatives for FY04• Baseline team member KSAs and create Individual
Development Plans (IDP)• Utilize online Police Training Tool for personal KSA building• Identify technologies and skills necessary for Access Control
team• Track similar unit measures during FY04 to understand
change over time • Develop budget numbers for Access Control Service Group• Initiative to increase automated Access Controls in effort to
decrease overall security costs
